How European law protects whistleblowers

Home / Publications / How European law protects whistleblowers

The deadline for transposing Directive (EU) 2019/1937 of the European Parliament and of the Council of 23 October 2019 on the protection of persons who report breaches of Union law (“the Directive”) into national law is approaching. The Directive adopted on 23 October gives Member States until 17 December 2021. Some of them have already made significant progress in this respect, while for others the transposition process is still in its early stages. Some of the member states’ legislations have already partially settled this matter before the adoption of the Directive, but the Directive goes into more detail due to the sensitivity of the issues.

The transposition of such a directive and the regulation of the matter within the framework of national legislation requires the identification and understanding of the problems it aims to solve. In this case – the complications of ensuring a reliable and confidential way to report  various types of misconduct in the private and public sectors, and limiting the potential negative consequences of reporting for the whistleblower.

Material scope

The scope of Directive is rather broad as it covers: public procurement, financial services, products and markets, prevention of money laundering, protection of the environment, public health, consumer protection, transport safety, protection of privacy and personal data, security of network and information systems, etc.

System for  report submission

The Directive proposes a 3-tier system including:

  1. Internal channels: responsibility of the respective organisation, set up and maintained either by the organisation itself or by a third party; information should be routed and processed by a dedicated department
  2. External channels: responsibility of the Member-State and its bodies/institutions as well as the European institutions; information will be routed and processed by the relevant authorities
  3. Public: reporting the information directly to the media or a public website/forum

The development of the 3-tier system is primarily driven by the need to improve the already existing alternatives to internal channels (e.g. the so-called “hotlines”). It is expected that the affected individuals will be encouraged to proceed firstly and mostly to the internal whistleblowing channels established under the Directive. This both limits the negative consequences for the organisation from a reputational standpoint and strengthens the employee-employer relationship based on trust and confidence that the issue can be dealt with effectively and efficiently with a high level of confidentiality.

All this is only possible if the internal system in place can be objectively expected to reliably address the problem. Therefore, in order to maximise impartiality, the Directive provides that the internal channel report system may also be developed and maintained by a third party. A high degree of confidentiality of the report and the processing and storage of the information must be ensured due to the potential negative consequences for the whistleblower.

Who does the Directive apply to

The requirement to set up internal whistleblowing channels applies to companies with 250 or more employees from 17 December 2021 and to 50-249 employees from 17 December 2023. This gives smaller companies more time to ensure that they have an internal system that is fully compliant with the Directive. On the other hand, organisations and companies with up to 50 employees are exempted from the responsibility of ensuring internal systems for the communication of such information. Exceptions are provided for socially specific areas, as well as those which are obliged to set up such internal channels under other Union acts.

Additional characteristics of the report

The Directive contains a number of additional features regarding the information that the whistleblower reports. On one hand, whistleblowing is protected for infringements that have already occurred, infringements that have not yet occurred but are likely to occur, acts or omissions that the whistleblower has reasonable grounds to believe are infringements, and attempts to conceal infringements. On the other hand, a condition is placed on the whistleblower themself. The whistleblower must have had reasonable grounds to believe that the the matter reported by them is true at the time it was reported and that this information falls within the scope of the Directive. The aim is to limit malicious and frivolous acts of whisteblowing. If these conditions are met, the motivation of the whistleblower for reporting are considered irrelevant.

Regarding potential retaliation for the whistleblower

Last but not least, it is worth noting how the Directive deals with the issue of potential negative consequences that threaten whistleblowers. Typically, these do not precede the whistleblowing but follow it, taking the form of retaliation or punishment by the person or organisation against whom the whistleblowing has been made. Because the causal link between whistleblowing and retaliatory consequences is difficult to prove, and because of the internal administrative structure of the organisation that is presumed to be behind the entity being whistleblowed against, the burden of proof under the Directive shifts to the ‘accused’.  In other words, the presumption is that causation exists, and it is up to the accused person or organisation to prove that this is not true.

The article above is for information purposes only. It is not a (binding) legal advice. For a thorough understanding of the subjects covered and prior acting on any issue discussed we kindly recommend Readers consult Ilieva, Voutcheva & Co. Law Firm attorneys at law.